Other Usage
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is Splunk alert not firing email?

izzie123
Path Finder
‎06-21-2023 10:57 AM

Hello,

I have set an alert which generates around 50-60 events everyday. I have configured this alert to send mails to my email id, I have been observing that not all events generate emails and the count of the alert events and the mails received mismatches.

The alert mail is not fired intermittently. Can you please suggest some ways to troubleshoot the cause of this problem?

Thanks in advance

Labels (2)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-21-2023 11:06 AM

Hi

you should look from _internal have those fired and if what has happened to them. You should also remember that email isn’t 100% sure delivery method.

Here are some links to this issue:

r. Ismo

0 Karma
Reply

izzie123
Path Finder
‎06-21-2023 10:40 PM

Thanks for your answer @isoutamo 
I checked the internal logs and found this error : 

ERROR:root:(421, b'4.4.2 Message submission rate for this client has exceeded the configured limit',")

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎06-21-2023 11:57 PM

Your splunk server has sent too many alert emails in short period so smtp server refused to accept more. Are you sure that you don’t sent own alert per event instead of one email per running the alert?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...